amorfo77/parsedmarc
1
0
Fork 0
mirror of https://github.com/domainaware/parsedmarc.git synced 2026-05-07 04:25:25 +00:00
Code Issues Projects Releases Wiki Activity
1,466 Commits 7 Branches 46 Tags
b3a608735f979c0d8700aeca4f62f3ef40417871
Commit Graph

7 Commits

Author SHA1 Message Date
Sean Whalen c87aa3de08 fixes the incomplete changing of the headers in the SMTP TLS Reporting dashboard visualizations to match the rest of the project (lowercase words separated by _ 2026-04-25 19:17:28 -04:00
Sean Whalen 85554c2344 OpenSearch Dashboards: Restructure SMTP TLS dashboard to match Splunk layout (#728) 
The bundled `splunk/smtp_tls_dashboard.xml` is three tables — Reporting
organizations, Domains, Failure details — sharing the same TLS-RPT data.
The OSD dashboard had drifted into five panels (two pies + three tables)
that didn't line up with what the Splunk one shows. Replace them with
three `data_table` viz mirroring the Splunk layout.

Each table uses sum-only metric aggs (no count column) on the per-policy
or per-failure-detail session-count fields. OSD's Visualize agg pipeline
auto-wraps each terms/sum on a `policies.*` or `policies.failure_details.*`
field in the right `nested:{path: …}` agg, so per-policy and per-detail
totals come out correctly without any schema or write-path changes.

Reuse the existing IDs of the three drop-in replacements so re-importing
overwrites in place:
- 4f3b4cb0… (was "TLSRPT reporting organizations") → "Reporting organizations"
- eeb47eb0… (was "TLSRPT policies by domain") → "Domains"
- 5cbcd040… (was "SMTP TLS failures") → "Failure details"

The two pie-chart viz removed by this change have no equivalent in the
new layout. Upgraders will need to delete the orphans manually from OSD's
Saved Objects management page:
- 25f321e0-26d0-11f1-96a6-fb3734bd0b21 ("SMTP TLS sessions")
- 12065020-26d1-11f1-96a6-fb3734bd0b21 ("TLSRPT policies")

Co-authored-by: Sean Whalen <seanthegeek@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-25 16:14:35 -04:00
Sean Whalen a4a2155ab0 OpenSearch Dashboards: Show rows in the Message sources by Autonomous System viz even if some fields are missing 2026-04-23 22:38:10 -04:00
Sean Whalen 168244af95 Add Message sources by Autonomous System to Opensearch Dashboards (#725) 
Co-authored-by: Sean Whalen <seanthegeek@users.noreply.github.com>
 2026-04-23 19:22:03 -04:00
Sean Whalen 3d8dba6745 Fix colors in the OpenSearch Message disposition over time visualization 2026-04-05 21:01:16 -04:00
Sean Whalen 814d6985bb Stop hiding results that do not have a failure_reason in the SMTP TLS failures visualization 2026-04-05 18:34:40 -04:00
Sean Whalen 2032438d3b 9.4.0 
### Added

- Extracted `load_reverse_dns_map()` utility function in `utils.py` for loading the reverse DNS map independently of individual IP lookups.
- SIGHUP reload now re-downloads/reloads the reverse DNS map, so changes take effect without restarting.
- Add premade OpenSearch index patterns, visualizations, and dashboards

### Changed

- When `index_prefix_domain_map` is configured, SMTP TLS reports for domains not in the map are now silently dropped instead of being output. Unlike DMARC, TLS-RPT has no DNS authorization records, so this filtering prevents processing reports for unrelated domains.
- Bump OpenSearch support to `< 4`

### Fixed

- Fixed `get_index_prefix` using wrong key (`domain` instead of `policy_domain`) for SMTP TLS reports, which prevented domain map matching from working for TLS reports.
- Domain matching in `get_index_prefix` now lowercases the domain for case-insensitive comparison.
 2026-03-23 17:08:26 -04:00